Welcome to the NI@root Blog

This blog will contain pretty anything NI@root feels is worth publishing. This will include, but not be limited to; Stuffz

Shellshock – CVE-2014-6271 – Exploits in the Wild

*note* This page is being updated as new information comes in. For those who run web applications that could be an attack vector for the BashBug, a.k.a Shellshock, you may want to take this VERY seriously. There are already 4 Metasploit modules in the works. Pull #3880 modules/auxiliary/admin/http/bash_env.rb <- conformed by NI@root Pull #3882 osx vmware/bash priv escalation […]

Read More

Goofy Oracle Reports URLPARAMETER Stuffz

I have already tried to exploit this and it seems it can’t be, or would be very difficult to exploit so I am going to publish this here. Short and sweet. To exploit a vulnerable Oracle Reports server using the URLPARAMETER goes like this. /reports/rwservlet?report=test.rdf+desformat=html+destype=cache+ JOBTYPE=rwurl+URLPARAMETER=”file:///” This will give you the root directory of the […]

Read More

Breach – Texas Department of Family and Protective Services

Thank you Rhino Security Labs! http://www.rhinosecuritylabs.com/oracle-data-exposure-vulnerability/ I am Dana Taylor, founder of NI@root and Lead Researcher at Rhino Security Labs. I recently discovered a significant exposure of data on a government server for Texas Department of Family and Protective Services. The data found was incredibly sensitive and should never have been publicly available. As reported by […]

Read More

No Response From Oracle – RE: Is Dev Server Fully Patched

UPDATE: 02/26/2014 – Oracle responded. I sent them the exploit. Now we wait. I am able to overwrite most files that the oracle account has access to via Oracle Reports 11g which is on a supposedly fully patched 11g weblogic server. http://www.oracle.com/technetwork/middleware/soasuite/learnmore/vmsoa-172279.html I sent an  email to Oracle February 19th at around 10:30 AM and […]

Read More